Mobility Group Member Down Status

Similar Messages

• Mobility group between controller 4400 and virtual wlc

  Hello everybody...
  I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.
  But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.
  The command "config mobility group member hash" is totally missing.
  Does anybody have an idea how to establish a mobility group between a 4400 controller and a virtual then?
  Best regards,
    Sebastian Wieseler

  The vWLC is out since yesterday.
  We installed it in our lab and the deployment guide is out now, too.
  Anyway... the hash is "god-given" in the vWLC. I can't change it to "none". So it is quite mandatory to enter a hash in the 4400 controller otherwise it just do not pair. So I am unable to establish a mobility group.
  Any other ideas?

• Unable to add new WLC to the Mobility Group

  Hi,
  Any help will be very welcome.
  I recently add a second CT5508 to the network, but when I tried to add the first 5508 to the mobilty group I received a message like this:
  "error in creating member"
  I've tried different mobility names, via GUI, via CLI and always the same error.
  I've verified twice or more than twice connectivity issues or any error on the entering the MAC and IP of the controllers, everything is fine.
  Any idea?
  I'm using version 7.0.116.0
  Thanks

  Hello Moises,
  Did you load a configuration backup from your first WLC to the new second WLC? If so, it's possible we have a stale duplicate entry from loading a configuration.
  On the WLC where you cannot add the member, let's try clearing out the stale entry from the CLI:
  config mobility group member delete 00:00:00:00:00:00
  Then, try to add the member and see if it works.
  -Pat

• WiSM - Mobility Group - Control Path Down

  I have 2 WiSMs with 4 WLCs. Each WLC is in the same subnet. I have set up the mobility group using the virtual interface MAC address. I get a Control Path Down message for any WLC on another WiSM e.g
  From controller 10.x.x.1 on WiSM 1, 10.x.x.1 and 10.x.x.2 (on WiSM 1) show as UP in mobility groups, but 10.x.x.3 and 10.x.x.4 (on WiSM 2) show Control Path Down.
  I have tried setting them up using the management interface MAC address but when I click apply it says there is a problem creating the member with MAC (MAC address of the controller I am on).
  Any suggestions?

  It SHOULD BE MANAGEMENT INT MAC WHICH ENDS WITH ZERO..
  Either
  WLC >> Controller >> Interfaces >> Managemet >> MAC address
  OR
  WLC >> Controller >> Interfaces >> Managemet >>Inventory >> MAC Address..
  Regards
  Surendra

• WLC 7.4.100.0 Mobility group control and data path down

  Hi All,
  Today i am facing issue with mobility group. i checked and found  control and data path is down on foreign controller.I am able to ping anchor controller. Required ports are open on firewall but mping and eping fails. Any idea whats wrong. On Anchor controller, i have 7 foreign controller configured and among these 3 are working fine. Having problem with 4 foreign controller. Previously all are working fine and there is no changes made on network or firewall.            

  Post output of "show mobility summary" of your Anchor WLC & a non-working WLC. Also "show sysinfo" of those two controllers.
  Regards
  Rasika

• WLC Mobility Group problem

  Hi to all,
  we've two internal WLC which belong to the same MG (the default one), and one DMZ WLC which belongs to another MG.
  All are running OS 4.2.61
  After configuring Mobility Group using the "edit all" inserting the WLC IP address and MAC of the MGMT interface and the name of the MG which they belong, I notice a strange behaviour:
  - WLC1 has Data path UP with internal's WLC2 and DMZ WLC...but Control path is down.
  - WLC2 has Data path and Control path UP with DMZ WLC and only Data path UP with WLC1
  - DMZ WLC has Data path and Control path UP with DMZ WLC and only Data path UP with WLC1
  MG Secure Mode is disabled on all WLC's seeing the following bug CSCsk36683 (The mobility control path is down when secure mode is enabled).
  Reachability via ping is OK, via eping the same but mping are not working from WLC1 to WCL2 and from DMZ WLC to WLC2
  I've already restarted both controllers without success...what i've noticed is on WLC2 and DMZ WLC msglog there are a lot of these entries with a lot of RX errors ===>>>MM-3-INVALID_PKT_RECVD: Received an invalid packet from X.X.X.X. Source member:0.0.0.0. source member unknown.
  any idea?
  Tnx
  Omar

  Here is the URL for the configuration for the Mobility Group follow the URL which will help you :
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00809817ca.shtml

• Multiple Ports & Mobility Groups

  On our wireless network we have two 6509-E switches each with a WiSM and a 5508 WLC. The 5508 WLC only had one port connected to one of the 6509 units then we added another port on the 5508 to the other 6509. Do I need to add the IP and MAC address of the the second port of the 5508 to the existing Mobility Group?
  Thanks for any help.
  Jeff

  When you adding mobility member you need to configure the Controller IP address  & its MAC address (NOT the interface MAC address WLC connect to). Therefore in any connection type (LAG enabled or NOT) it has to be your 5508 controller IP address & its own MAC address.
  If you type "show sysinfo" or "show mobility summary" on your 5508 you can get this information as shown below. Then you can add that onto your exisiting mobility group configuration of WiSM (you have to add WiSM detail on your 5508 mobility config as well)
  (5508) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.5.102.0
  System Name...................................... 5508
  IP Address....................................... 10.10.10.10
  Burned-in MAC Address............................ 64:00:F1:F5:B0:80
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Present, OK
  (5508) >show mobility summary
  Mobility Protocol Port........................... 16666
  Default Mobility Domain.......................... dmz
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0xe49d
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 9
  Mobility Control Message DSCP Value.............. 0
  Controllers configured in the Mobility Group
  MAC Address        IP Address                                       Group Name                        Multicast IP                                     Status
  64:00:f1:f5:b0:80  10.10.10.10                                     dmz                               0.0.0.0  
  HTH
  Rasika
  ***** Pls rate all useful responses ****

• Problem configuring mobility group

  Hi, I'm trying to configure a mobility group between 4 WLC's. 2 of 4 form a group and those two are the two on the same cards.
  The two cards are on separate subnets and each have are connected to a FW. I've opened up for UDP12222-12223 UDP16666-16667 protocol 50 and protocol 97
  any other ideas?

  Yes these are WiSM blades!
  ##from .15## Controllers configured in the Mobility Group
  MAC Address IP Address Group Name Status
  00:1e:4a:fa:68:c0 x.x.x.10 brf Control and Data Path Down
  00:1e:4a:fa:68:e0 x.x.x.42 brf Control Path Down
  00:1e:4a:fa:99:60 x.x.x.15 brf Up
  00:1e:4a:fa:99:80 x.x.x.47 brf Control Path Down
  ##from .10## Controllers configured in the Mobility Group
  MAC Address IP Address Group Name Status
  00:1e:4a:fa:68:c0 x.x.x.10 brf Up
  00:1e:4a:fa:68:e0 x.x.x.42 brf Control and Data Path Down
  00:1e:4a:fa:99:60 x.x.x.15 brf Control and Data Path Down
  00:1e:4a:fa:99:80 x.x.x.47 brf Control and Data Path Down
  10 and 15 are on the same subnet and the same wism
  42 and 47 are on the same subnet and the same wism

• WLC 5508 * 2 & Mobility Group

  What I am trying to configure is Mobility Groups.
  My understanding is that this will allow AP to successfully register and fail over over seamlessly if any of the WLC had to fail ?
  It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
  Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
  Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
  My current config is as follows:-
  WLC 5508 * 2
  WLC 1 - Primary
  WLC 2 - HA SKU (Secondary )
  Redundancy = SSO (Both AP and Client SSO)
  =============
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.6.130.0
  Bootloader Version............................... 1.0.20
  Field Recovery Image Version..................... 7.6.101.1
  Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
  Build Type....................................... DATA + WPS
  System Name...................................... WLC5508
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  Redundancy Mode.................................. SSO (Both AP and Client SSO)
  IP Address....................................... 10.31.66.21
  Last Reset....................................... Software reset
  System Up Time................................... 0 days 22 hrs 39 mins 57 secs
  System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  Configured Country............................... GB  - United Kingdom
  Operating Environment............................ Commercial (0 to 40 C)
  --More-- or (q)uit
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +38 C
  External Temperature............................. +21 C
  Fan Status....................................... OK
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 1
  Number of Active Clients......................... 0
  Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Absent
  Maximum number of APs supported.................. 500
  ============================================
  TA

  TA,
  Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
  Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
  Configuring HA on the AP:
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
  Using CPI to push AP configuration templates:
  http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
  Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
  BR, Ala

• N+1 redundancy and different mobility groups

  Is it possible to backup 2 controllers with 2 different mobility groups (for example GROUP1 and GROUP2) to the same backup controller (running HA SKU N+1 (7.4)) ?
  Since a controller can only be configured in 1 mobility group, this doesn't seem to be possible. Can someone confirm ?
  regards,
  Geert

  Hello,
  As per your query i can suggest you the following solution-
  In all Wireless LAN Controller (WLC) versions earlier than 4.2.61.0, when a WLC goes "down," the LAP registered to this WLC can failover only to another WLC of the same Mobility Group, if the LAP is configured for failover. From Cisco WLC version 4.2.61.0 and later, a new feature called Backup Controller Support is introduced for access points to failover to controllers even outside the Mobility Group. Refer to Wireless LAN Controller and Light Weight Access Points Failover Outside the Mobility Group Configuration Example for more information.
  Hope this will help you.

• WiSM redundancy, mobility groups and RF groups

  Hi there
  we would like to implement the following:
  - Support for about 2000 LAP's
  - 1 x Catalyst 6509
  - 1 x Sup 720
  - 7 x WiSM's
  What I'm interesting is are the following points:
  1. I thought that we would build the switch completly redudant, so we have to wlan switches (switch A and B) with 7 WiSM's eatch. So I can garanty a N+N redundancy --> each LAP's has a primary controller on switch A and it's secondary controller on switch B. The LAP's can be splitted on the two switches, but for your understanding there is a 1:1 redundancy. What do you think of this design, is the too much or is this appropriate?
  2. As I know you can build up a mobility group of a maximum of 24 controllers or 12 WiSM's. I would put only these controllers in a mobility group, where Layer 2 roaming can occure.
  3. But what is about the RF groups - there is a maximum of 1000 LAP's, so I can put only 3 WiSM's in one group. But this would not work form me, then I would have 2 WiSM's on switch A and only 1 WiSM on switch B in a RF group (not a 1:1 redundancy). First is it possible to put WiSM-A and WiSM-B into different RF groups, I think so because they are logically splitted, aren't they?
  And what RF group design would be best (just as a reference)? I thought that it would make sense to form a RF group for each of the seven pairs (1 WiSM on switch A and 1 WiSM on switch B) for redundancy? What do you think of that approach?
  4. So I would have 1 mobility group and 7 RF groups. Or do you recommend to form the mobility groups like the RF groups? But what happens with Layer 2 roaming in that case?
  I'm sorry for the long and messy text, but I hope you can see my design questions?
  Thanks a lot in advance.
  Dominic

  It sounds like you already have some good replies. Personally I like N+1 redundancy, but that is a designers choice. One thing I should point out is that the 6500 can only support 5 WiSM cards each. In this case a 4 WiSM x 3 chassis option would give your more spare capacity with only 12 total cards. The lower WiSM cost (12 vs 14) would help offset the cost of the extra chassis. You could also support 2400 APs with 8 WiSM cards even if one switch is down.
  Not too long ago Cisco added the ability to set the priority of APs so your critical ones would join a controller and the less critical ones would go down if a controller failed and there were no redundancy. That is something to keep in mind when designing wireless. You may not need redundancy for all APs and that could affect your design and costs.
  Randy

• WLC 7.3.101.0 Mobility group peer cannot up.

  Hi Guys,
  It seems the 7.3.101 version Mobility group peer cannot up,: refer to the attach,
  Peer 1: version: 7.3.101
  Peer 2: version 7.0.98
  Peer3: version 7.2.103
  Today we got new two WLC for Anchor use, and config the mobility group, but it's failed and cannot up, the ping is ok.

  Chris is right here. One thing I tell my clients is to allow everything between the foreign and the anchor WLC's just to verify that the mobility can come up, then lock it down. Here is some links that explain what test is for what port.
  http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809a30cc.shtml#qa8
  Anchor Controller Positioning
  Because the anchor controller is responsible for termination of guest WLAN traffic and subsequent access to the Internet, it is typically positioned in the enterprise Internet DMZ. In doing so, rules can be established within the firewall to precisely manage communications between authorized controllers throughout the enterprise and the anchor controller. Such rules might including filtering on source or destination controller addresses, UDP port 16666 for inter-WLC communication, and IP protocol ID 97 Ethernet in IP for client traffic. Other rules that might be needed include the following:
  •TCP 161 and 162 for SNMP
  •UDP 69 for TFTP
  •TCP 80 or 443 for HTTP, or HTTPS for GUI access
  •TCP 23 or 22 for Telnet, or SSH for CLI access
  Depending on the topology, the firewall can be used to protect the anchor controller from outside threats.
  For the best possible performance and because of its suggested positioning in the network, it is strongly recommended that the guest anchor controller be dedicated to supporting guest access functions only. In other words, the anchor controller should not be used to support guest access in addition to controlling and managing other LWAPP APs (LAPs) in the enterprise.
  Sent from Cisco Technical Support iPhone App

• Mobility Group Requirements for Guest Anchor WLC

  Hello -
  I've alway assumed you can't create a guest tunnel between a local WLC and an anchor WLC that are in different mobility groups.   However, I was told recently (without much detail) that this is possible.  So I have set out to test this.  
  I am trying to point one of my local WLCs guest SSIDs to a guest anchor WLC in a different mobility group.   I have a maintenance window coming up and I am looking to anchor the clients on one campus to the anchor WLC on the other campus so guest service does not go down.   Each campus is it's own mobility group.   In trying to set this up I went to the "mobility anchors" screen for the guest SSID on one of the local WLCs and I am unable to add the anchor WLC from the other campus because it's non in the drop-down menu.  This is because it's not in the same mobility group.   So my question is how do I anchor clients coming through a local WLC in one mobility group to an anchor WLC in another mobility group?
  To me it doesn't seem possible without significant configuration changes.   I don't want to reconfigure/recreate mobility groups. 
  Thanks
  Chuck

  Not only is it possible, I would recommend it. However, you may be confusing some concepts.
  The Mobility Group is different than the Mobility Domain.  I generally refer to the Mobility Group as those WLCs with the same Default Mobility Group Name, and the Mobility Domain as the entire Mobility List (where you can define up to 72 controllers from various mobility groups).
  The point is that if WLCs 1-10 are GroupA, and WLCs 11-20 are GroupB, for anchoring to work you at least need to add the anchor to the mobility list of the foreign wlc, and vice versa.
  If you notice, when you add a mobility entry to the list, it should ask you for mobility group. If you leave it blank, it should default to that of that WLC,  but on GroupA controllers, you could define GroupB controllers (and specific GroupB) and then you should now have mobility established between your controllers and the Anchor configuration will have your anchors in the drop-down....
  Does that make sense?

• WLC mobility group between 4404 and 5508 controllers

  Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
  Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
  We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
  All controllers have:
  The same virtual address
  Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
  The default mobility domain name is the same
  4404 output when issung the command 'show mobility summary'
  Symmetric Mobility Tunneling (current) .......... Enabled
  Symmetric Mobility Tunneling (after reboot) ..... Enabled
  Mobility Protocol Port........................... 16666
  Default Mobility Domain.......................... SGH-Mobility
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0xe209
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 6
  Mobility Control Message DSCP Value.............. 0
  5508 ouput when issueing the command 'show mobility summary'
  Mobility Architecture ........................... Flat
  Mobility Protocol Port........................... 16666
  Default Mobility Domain.......................... SGH-Mobility
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0xe209
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 6
  Mobility Control Message DSCP Value.............. 0
  I've spent quite some time double checking all the configurations to no avail.
  Has anybody seen this problem before?
  Kind regards
  Dave Bell

  Thanks Sandeep.
  I am well versed with WLC's and mobility, however trying to add a 5508 to a mobility group with 4404's has come up with a bit of a curve ball.
  All the 4404 controllers all joined the mobility group fine, no problems at all - its only the 5508 I am struggling with.
  In theory its simple, populate the IP address, and MAC addres of the management interface of the remote WLC, as long as the management interfaces are in the same VLAN, and the Default Mobility Domain Name are the same it should come up.
  Interestingly I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
  For example:
  {Screen shot WLC1.jpg}
  5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
  however!
  From our router is I do an sh arp | i 10.95.x.x (controller management address), I see:f872.eaee.becf.
  {Screen shot wlc2.jpg}
  Hence the WLC reports as: bc:16:65:f9:37:60
  and
  The network reports as: f872.eaee.becf for the same IP address.
  I have changed the other WLC's to the MAC adress seen on the network for the new controller, aka changed from
  bc:16:65:f9:37:60
  to
  f8:72:ea:ee:be:cf
  I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
  Kind regards
  Dave Bell

• Best Practice Regarding Large Mobility Groups

  I was reading the WLC Best Practices and was wondering if anyone could put a number to this statement regarding the largest number of APs, end users, and controllers which can contained in a Mobility Group.
  We would be deploying WiSMs in two geographically dispersed data centers. No voice is being used or is planned.
  "Do not create unnecessarily large mobility groups. A mobility group should only have all controllers that have access points in the area where a client can physically roam, for example all controllers with access points in a building. If you have a scenario where several buildings are separated, they should be broken into several mobility groups. This saves memory and CPU, as controllers do not need to keep large lists of valid clients, rogues and access points inside the group, which would not interact anyway.
  Keep in mind that WLC redundancy is achieved through the mobility groups. So it might be necessary in some situations to increase the mobility group size, including additional controllers for
  redundancy (N+1 topology for example)."
  I would be interested in hearing about scenarios where a Catalyst 6509 with 5 WiSM blades is deployed in data centers which back each other up for cases of disaster recovery.
  Can I have one large Mobility group? This would be easier to manage.
  or
  Would it be better to back up each blade with a blade in the second data center? This would call for smaller Mobility Groups.
  Be glad to elaborate further if anyone has a similar experience and needs more information.
  All responses will be rated.
  Thanks in advance.
  Paul

  Well, that is a large group indeed, and I would say most organizations use nested groups instead of adding these behemoths to the directory as they are quite difficult to work with.  If it's a one-time thing, you could create it manually in bite-sized
  chunks with LDIF or the like, so that FIM only has to do small delta changes afterwards.
  The 5,000 member limit mostly applies to groups prior to the change to linked value storage.  What is your forest functional level, and have you verified that this group is using linked values?
  Steve Kradel, Zetetic LLC